The Session Initial Protocol (SIP) is now widely used to establish multimedia communications, such as Voice over IP (VoIP), instant messaging (IM), audio and/or video conferencing, etc. over the Internet. SIP serves as a control mechanism to establish suitable connections between end points, through the Internet, and in most cases those connections employ another protocol, such as RTP, for the actual delivery of data. Thus, typically four IP ports (two at each end) are used for a multimedia connection, such as VoIP, one port at each end for the SIP communications, which serve as a control channel, and one port at each end for the payload data.
SIP is a text-based protocol, much like HTTP and SMTP, and the security issues that have previously affected HTTP web and SMTP mail communications are now threats to SIP-based communications. Such threats include Denial of Service (DOS) attacks, spoofing, malformed messages, spam (unwanted messages), hijacking, replay, etc. and can compromise SIP-based communications.
It is also contemplated that new attacks which exploit SIP-specific weaknesses also pose a threat to SIP-based communications. For example, SIP messages can be transported over TCP or UDP protocols and, in the latter case, attacks based upon the injection of attack packets can relatively easily be created.
Traditional network firewalls can provide basic port management to enable SIP-based communications through the firewall. However, such traditional firewalls do not provide any meaningful protection for SIP-based communications from attacks such as those described above.
As SIP-based communications, especially VoIP and audio/video conferencing, become more widespread and business critical, it is desirable to be able to successfully deal with attacks on SIP-based communications. Further, as SIP-based communications become more prevalent in the business world, the likelihood of attempts to exploit SIP related security issues becomes much greater.